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IN THE CLAIMS: 

Please amend claims 1, 3, 10-12 and 19-20, and cancel claims 2 and 33 as 
follows below: 

1 . (Currently amended) An improved security processing circuit for 
performing 3DES IPsec security processing services for a host system using a DES 
engine, the security processing circuit comprising: 

the DES engine having a message input, a cipher key input, and a pre-data 
output, the engine adapted to receive and selectively process a block of data from the 
message input of the security processing circuit during a first DES processing 
operation, and subsequently to process data from an intermediate result during second 
and third DES processing operations and store an intermediate result of the third DES 
processing operation to the pre-data output; 

a security keys circuit having a set of cipher keys input and a key output, the 
security keys circuit operable to select and transfer a different cipher key to the key 
output coupled to the cipher key input of the DES engine selected from the set of cipher 
keys associated with each DES processing operation during the first, second and third 
DES processing operations; and 

a data output circuit having a pre-data input and a data output, the pre-data input 
of the data output circuit coupled to the pre-data output of the DES engine, and the 
data output selectively coupleable to the host system, the data output circuit operable to 
further security process data from the pre-data input and to selectively exclusive OR an 
initialization vector with the processed data and latch a final third DES result to the data 
output of the security processing circuit for use by the host systerT^ 

wherein the DES engine comprises: 

a permutation block having the message input and a permutation output, 

the permutation block operable to receive a block of data at the message input 

and to perform an initial permutation of the message input data and provide a 

permutation result at the permutation output; 
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a data input multiplexer having a first and second input and a data 
selection output, the data input multiplexer operable to select and couple one of 
the first and second inputs to the data selection output; 

an intermediate result register having a data input coupled to the data 
selection output, a clock input, and a latched data output, the register operable to 
store right and left half results of the initial permutation or of an eight round 
cipher process based on data present at the data input upon receipt of a clock 
signal at the clock input; 

eight cipher blocks having a data input, a key input, and a cipher output, 
operable to receive data at the data input and a key at the key input, to perform 
the cipher process comprising right and left halves of a seouential eight step 
cipher process on the data at the data input employing the key, and to provide a 
first and second cipher result during a first and second eight step cycle of each 
of the three PES processing operations: 

a pre-data output multiplexer having a first and second input and a data 
selection output, the pre-data output multiplexer operable to select and couple 
one of the first and second inputs to the data selection output; and 

a pre-data output register having a data input, a clock input, and a latched 
data output, 

wherein the permutation output of the permutation block is coupled to the 
first input of the data input multiplexer, the data selection output of the data input 
multiplexer coupled to the data input of the intermediate result register, the 
latched data output of the intermediate result register coupled to the data input of 
the eight cipher blocks having the cipher output of the eight cipher blocks 
feedback coupled to the second input of the data input multiplexer and to the first 
input of the pre-data output multiplexer, the data selection output of the pre-data 
output multiplexer coupled to the pre-data output register, the latched data 
output of the pre-data output register feedback coupled to the second input of 
the pre-data output multiplexer and the pre-data output . 
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2. (Cancelled). 

3. (Currently amended) The security processing circuit of claim [[2]] 1, 
wherein the DES engine is further operable to perform the initial permutation of 

the message input data using the permutation block-P-B, initially select the permutation 
result with the data input multiplexer mu l tip l exor D l Mux and couple and store the result 
to the intermediate result register RREG/LREG during a data input latch cycle, to 
transfer the initial result and the cipher key from the security keys circuit to the eight 
cipher blocks for cipher processing and intermediate storage of the right and left halves 
of the first eight step cipher results subsequent to selection of the second input of the 
data input multiplexer mu l t i p le xor D l Mux into the intermediate result register 
R REG/L REG during the first cipher process cycle, to transfer the stored intermediate 
result and the cipher key from the security keys circuit to the eight cipher blocks for 
cipher processing and intermediate storage of the right and left halves of the second 
eight step cipher results subsequent to selection of the second input of the data input 
multiplexer mu l t i p l exor D l Mux into the intermediate result register R REG/L REG and 
the pre-data output register PREDO subsequent to selection of the first input of the 
pre-data output multiplexer mu l t i p l exor PDO Mux during the second cipher process 
cycle of the first DES processing operation, and 

wherein the DES engine is operable to repeat the first and second cipher 
process cycles for the subsequent second and third DES security processing 
operations of the security processing circuit, and latch the intermediate result of the 
third DES operation to the pre-data output of the pre-data output register PRE DO of 
the DES engine, using the selection of the second input of the pre-data output 
multiplexer mu l t i p l exor PDO Mux during the third DES processing operation of the 
3DES security processing. 
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4. (Original) The security processing circuit of claim 3, wherein the 3DES 
processing is completed in three single DES processing operations. 

5. (Original) The security processing circuit of claim 3, wherein the 3DES 
processing is completed in eight clock cycles. 

6. (Original) The security processing circuit of claim 3, wherein the first, 
second and third DES processing operations each have a duration of two clock cycles. 

7. (Original) The security processing circuit of claim 5, wherein the clock 
cycle has a period of about 8ns. 

8. (Original) The security processing circuit of claim 5, wherein the eight 
clock cycles of the 3DES security processing comprise: 

a data input latch cycle; 

a first DES processing operation comprising two cycles; 
a second DES processing operation comprising two cycles; 
a third DES processing operation comprising two cycles; and 
a data output latch cycle. 

9. (Original) The security processing circuit of claim 1 , further comprising a 
clock input coupled to one or more of the DES engine, the security keys circuit, and the 
data output circuit for timing clock cycles of the first, second and third DES processing 
operations of the 3DES processing for the security processing circuit. 

1 0. (Currently amended) The security processing circuit of claim 1 , wherein 
the security keys circuit comprises: 
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a set of cipher keys input, wherein the set of cipher keys comprise three different 
cipher keys, each cipher key associated with one of the three DES processing 
operations of the 3DES security processing; 

a keys input multiplexer mu l t i p l exor Koy Mux having a set of cipher keys input, 
and a cipher key selection output, the keys input multiplexer ma* operable to select and 
couple a cipher key to the cipher key selection output; and 

a security keys register SKREG having a data input, a clock input, and a 
latched data output, the register operable to store the cipher key selection associated 
with one of the three DES processing operation of the 3DES security processing based 
on cipher key data at the data input upon receipt of a clock signal at the clock input, the 
latched data output of the security keys register SK REG coupled to the key input of 
the eight cipher blocks. 

1 1 . (Currently amended) The security processing circuit of claim 1 0, wherein 
the keys input multiplexer mu l t i plexor Koy Mux is operable to receive the three cipher 
keys and to selectively couple one of the three cipher keys associated with a DES 
processing operation to the Des engine during the three DES processing operations of 
the 3DES security process. 

1 2. (Currently amended) The security processing circuit of claim 1 , wherein 
the data output circuit comprises: 

an inverse permutation block \P& having a pre-data input and an inverse 
permutation output, the inverse permutation block operable to receive and further 
security process the pre-data output from the DES engine, performing an inverse 
permutation of the pre-data and transfer the processed data to the inverse permutation 
output; 

an XOR gate XOR having a processed data input, an initialization vector input, 
and an XOR gate output, the XOR gate operable to selectively exclusive OR the 
initialization vector at the initialization vector input together with the processed data 



Serial No. 10/730,681 
Page 8 

from the inverse permutation output of the inverse permutation block coupled to the 
processed data input, and transfer the XOR data to the XOR gate output; 

a data output multiplexer mu l t i plexor DO Mux having a first and second input, a 
selection control signal, and a data selection output, the data output multiplexer mu* 
operable to select and couple one of the first and second inputs to the data selection 
output, based on the state of the selection control signal, the first input coupled to the 
XOR gate output, and the second input coupled to a data output register DOREG ; and 

the data output register DO REG having a data input, a clock input, and a 
latched data output, the register operable to store the output data results of the third 
DES process based on data present at the data input upon receipt of a clock signal at 
the clock input, the latched data output of the data output register DO REG feedback 
coupled to the second input of the data outpu t multiplexer mu l t i p l exor DO Mux to insure 
latching of the data at the output, 

wherein the data output circuit is operable to further security process data from 
the pre-data input and to selectively exclusive OR an initialization vector with the 
processed data and latch a final third DES result to the data output of the security 
processing circuit for use by the host system. 

1 3. (Original) The security processing circuit of claim 1 2, wherein the data 
output circuit is operable to further security process data from the pre-data input and to 
selectively exclusive OR an initialization vector with the processed data and latch a final 
third DES result to the data output of the security processing circuit for use by the host 
system. 

14. (Original) The security processing circuit of claim 1 , wherein the security 
processing circuit resides within a network interface device of a host system for 
performing 3DES encryption and decryption services for the host system using a Des 
engine. 
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1 5. (Original) The security processing circuit of claim 1 , further comprising a 
network interface device coupled with the security processing circuit, the network 
interface device being adapted to selectively encrypt outgoing data from the host 
system to cryptographically process data for transmission to the network. 

1 6. (Original) The security processing circuit of claim 1 5, wherein the network 
interface device comprises a bus interface, a media access control system, and the 
security processing circuit. 

1 7. (Original) The security processing circuit of claim 1 6, wherein the network 
interface device is a single integrated circuit. 

1 8. (Original) The security processing circuit of claim 1 , wherein the circuit 
comprises an IPsec circuit adapted to selectively provide authentication, encryption, 
and decryption functions for incoming and outgoing data. 

1 9. (Currently amended) An improved DES engine used in a security 
processing circuit for performing 3DES IPsec security processing, the DES engine 
comprising: 

a permutation block P-B having the message input and a permutation output, the 
permutation block P-S operable to receive a block of data at the message input and to 
perform an initial permutation of the message input data and provide a permutation 
result at the permutation output; 

a data input multiplexer mu l t i p l exor D l Mux having a first and second input and a 
data selection output, the data input multiplexer mux operable to select and couple one 
of the first and second inputs to the data selection output; 

an intermediate result register R REG/L REG having a data input coupled to the 
data selection output , a clock input, and a latched data output, the register operable to 
store right and left half results of the initial permutation or of a n eight round cipher 
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process based on data present at the data input upon receipt of a clock signal at the 
clock input; 

eight cipher blocks having a data input, a key input, and a cipher output, 
operable to receive data at the data input and a key at the key input, to perform the 
cipher process comprising right and left halves of a sequential eight step cipher process 
on the data at the data input employing the key, and to provide a first and second 
cipher result during a first and second eight step cycle of each of the three DES 
processing operations; 

a pre-data output multiplexer mu l tiplexor PDO Mux having a first and second 
input and a data selection output, the pre-data multiplexer mux operable to select and 
couple one of the first and second inputs to the data selection output; and 

a pre-data output register PREDO having a data input, a clock input, and a 
latched data output, 

wherein the engine is adapted to receive and selectively process a block of data 
from the message input of the security processing circuit during a first DES processing 
operation, and subsequently to process data from an intermediate result during second 
and third DES processing operations of a 3DES security processing and store an 
intermediate result of the third DES processing operation to a pre-data output of the 
pre-data output register PRE DO , and 

wherein the permutation output of the permutation block P-B-is coupled to the first 
input of the data input multiplexer mu l t i p l exor D l Mux , the data selection output of the 
data input multiplexer mu l t i p le xor D l Mux coupled to the data input of the intermediate 
result register RREG/LREG , the latched data output of the intermediate result 
register R REG/L REG coupled to the data input of the eight cipher blocks having the 
cipher output of the eight cipher blocks feedback coupled to the second input of the 
data input multiplexer mu l t i p l exor D l Mux and to the first input of the pre-data output 
multiplexer mu l t i p l exor PDO Mux , the data selection output of the pre-data output 
multiplexer mu l t i p l exor PDO Mux coupled to the pre-data output register PRE DO , the 
latched data output of the pre-data output register PRE DO feedback coupled to the 
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second input of the pre-data output multiplexer mu l t i p l exor PDO Mux and the pre-data 
output. 

4220. (Currently amended) The DES engine of claim 19, 
wherein the engine is further operable to perform the initial permutation of the 
message input data using the permutation block-PB, initially select the permutation 
result with the data input multiplexer mu l tiplexor D l Mux and coupled and store the 
result to the intermediate result register R REG/L REG during a data input latch cycle, 
to transfer the initial result and the cipher key from the security keys circuit to the eight 
cipher blocks for cipher processing and intermediate storage of the right and left halves 
of the first eight step cipher results subsequent to selection of the second input of the 
data input multiplexer mu l t i p le xor Dl Mux into the intermediate result register 
R REG/L REG during the first cipher process cycle, to transfer the stored intermediate 
result and the cipher key from the security keys circuit to the eight cipher blocks for 
cipher processing and intermediate result register R REG/L REG and the pre-data 
output register PREDO subsequent to selection of the first input of the pre-data output 
multiplexer mu l t i p l exor PDO Mux during the second cipher process cycle of the first 
DES processing operation, and 

wherein the DES engine is operable to repeat the first and second cipher 
process cycles for the subsequent second and third DES security processing 
operations of the security processing circuit, and latch the intermediate result of the 
third DES operation to the pre-data output of the pre-data output register PRE DO of 
the DES engine, using the selection of the second input of the pre-data output 
multiplexer mu l t i p le xor PDO Mux during the third DES processing operation of the 
3DES security processing. 



21 . (Original) The DES engine of claim 1 9, wherein the timing of the 3DES 
processing is completed in three single DES processing operations. 
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22. (Original) The DES engine of claim 19, wherein the timing of the 3DES 
processing is completed in eight clock cycles. 

23. (Original) The DES engine of claim 19, wherein the first, second and third 
DES processing operations each have a duration of two clock cycles. 

24. (Original) The DES engine of claim 22, wherein the clock cycle has a 
period of about 8ns. 

25. (Original) The DES engine of claim 22, wherein the eight clock cycles of 
the 3DES security processing comprise: 

a data input latch cycle; 

a first DES processing operation comprising two cycles; 
a second DES processing operation comprising two cycles; 
a third DES processing operation comprising two cycles; and 
a data output latch cycle. 

26. (Original) The DES engine of claim 1 9, further comprising a clock input 
coupled to one or more of the DES engine, the security keys circuit, and the data output 
circuit for timing clock cycles of the first, second and third DES processing operations of 
the 3DES processing for the security processing circuit. 

27. (Original) A method of performing 3DES IPsec security processing in a 
security processing circuit utilizing a DES engine, after the circuit has performed an 
initial permutation of a data message input to the circuit, the method comprising: 

selecting a permutation result of the initial permutation to couple the result to an 
intermediate result register during a first DES process; 

storing the permutation result in the intermediate result register; 
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cipher processing the stored permutation result using an eight cipher blocks to 
generate an intermediate result of the cipher processing; 

selectively storing the intermediate result in the intermediate result register; 

cipher processing the stored intermediate result using the eight cipher blocks to 
generate a first DES result of the cipher processing; and 

selectively storing the first DES result in the intermediate result register. 

28. (Original) The method of claim 27, wherein a second DES process further 
comprises: 

cipher processing the stored first DES result using the eight cipher blocks to 
generate a second intermediate result of the cipher processing; 

selectively storing the second intermediate result in the intermediate result 
register; 

cipher processing the stored second intermediate result using the eight cipher 
blocks to generate a second DES result of the cipher processing; and 

selectively storing the second DES result in the intermediate result register. 

29. (Original) The method of claim 28, wherein a third DES process further 
comprises: 

cipher processing the stored second DES result using the eight cipher blocks to 
generate a third intermediate result of the cipher processing; 

selectively storing the third intermediate result in the intermediate result register; 

cipher processing the stored third intermediate result using the eight cipher 
blocks to generate a third pre-data DES result of the cipher processing; 

selectively storing the third pre-data DES result in the intermediate result register 
and selectively storing the third pre-data DES result in a pre-data output register; 

performing an inverse permutation of the third pre-data DES result; 

exclusively ORing the result of the inverse permutation with an initialization 
vector to generate a 3DES result; and 
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selectively latching the 3DES result to a data output register. 

30. (Currently amended) A method of performing a single DES processing 
within a 3DES security processing circuit utilizing a DES engine, after the 3DES circuit 
has performed an initial permutation of a data message input to the circuit, the method 
comprising: 

receiving data of a permutation result of the initial permutation to a data input 
multiplexer mu l t i p le xor during a first DES process; 

selecting and coupling the permutation result at the data input multiplexer 
mu l t i p l exor to an intermediate result register; 

storing the permutation result in the intermediate result register; 

transferring the stored permutation result and a cipher key to an eight cipher 
blocks for cipher processing; 

cipher processing using the eight cipher blocks to generate data of an 
intermediate result of the cipher processing; 

storing the intermediate result in the intermediate result register; 

transferring the stored intermediate result and the cipher key to the eight cipher 
blocks for cipher processing; 

cipher processing the intermediate result data using the eight cipher blocks to 
generate a first DES result of the cipher processing; and 

storing the first DES result in the intermediate result register. 

31 . (Original) The method of claim 30, wherein a second DES process further 
comprises: 

cipher processing the stored first DES result using the eight cipher blocks to 
generate a second intermediate result of the cipher processing: 

selectively storing the second intermediate result in the intermediate result 
register; 
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cipher processing the stored second intermediate result using the eight cipher 
blocks to generate a second DES result of the cipher processing; and 

selectively storing the second DES result in the intermediate result register. 

32. (Original) The method of claim 31 , wherein a third DES process further 
comprises: 

cipher processing the stored second DES result using the eight cipher blocks to 
generate a third intermediate result of the cipher processing; 

selectively storing the third intermediate result in the intermediate result register; 

cipher processing the stored third intermediate result using the eight cipher 
blocks to generate a third pre-data DES result of the cipher processing; 

selectively storing the third pre-data DES result in the intermediate result register 
and selectively storing the third pre-data DES result in a pre-data output register; 

performing an inverse permutation of the third pre-data DES result; 

exclusively ORing the result of the inverse permutation with an initialization 
vector to generate a 3DES result; and 

selectively latching the 3DES result to a data output register. 

33. (Cancelled). 

34. (Original) A method of performing a DES processing within a 3DES 
security processing operation utilizing a DES engine of the security processing circuit, 
the method comprising: 

coupling and storing data of a first intermediate result to an intermediate result 
register; 

transferring the first intermediate result data from the register to a set of eight 
cipher blocks for cipher processing during a first cycle of the DES processing; 
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DES processing the data with an associated cipher key using the set of eight 
cipher blocks to produce a second intermediate result fed back to the intermediate 
result register; 

storing the second intermediate result back into the intermediate result register; 

transferring the second intermediate result data from the register to the set of 
eight cipher blocks for cipher processing during a second cycle of the DES processing; 

DES processing the second intermediate result data with the associated cipher 
key using the set of eight cipher blocks to produce a third intermediate result fed back 
to the intermediate result register; and 

storing the third intermediate result back in the intermediate result register on the 
second cycle of the DES processing. 



